betav0.1.0

Privacy Policy

Last updated: December 3, 2025

This Privacy Policy describes how Nextcrafter Labs (OPC) Private Limited, operating Craft and the Craft.fast website ("Craft," "we," "us," or "our") collects, uses, and shares your personal information when you use our AI-powered development platform and related services.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, username, and password when you create an account.
  • Payment Information: Billing details, payment card information (processed securely through Razorpay in USD), and transaction history for balance top-ups and usage.
  • Profile Information: Optional information such as name, profile picture, and preferences.
  • Communications: Information you provide when you contact our support team or participate in surveys.

1.2 Information We Collect Automatically

  • Usage Data: Information about how you interact with our platform, including features used, projects created, and time spent.
  • Device Information: IP address, browser type, operating system, device identifiers, and language preferences.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your experience.
  • Analytics Data: We use Vercel Analytics and Speed Insights to collect performance and usage metrics.
  • Log Data: Server logs, error reports, and diagnostic information.

1.3 Content and Code Data

  • Projects and Code: All code, files, and projects you create or upload to our platform.
  • AI Prompts and Conversations: Your interactions with our AI assistant, including prompts, questions, and generated responses.
  • Third-Party Service Integration Data: When you connect third-party services (Supabase, Vercel, GitHub, Figma) to your Craft account, we may access limited data from those services as necessary to provide integration functionality. Database content and storage are managed directly in your Supabase account, not on Craft servers.
  • Integrations: Data from connected services like GitHub, Figma, Vercel, and Supabase to enable platform features.

2. How We Use Your Information

We use the information we collect to:

  • Provide and Improve Services: Operate, maintain, and enhance our platform and AI capabilities.
  • Personalization: Customize your experience based on your usage patterns and preferences.
  • AI Training: We may use your prompts and interactions to improve our AI models. Enterprise users can opt out of AI training.
  • User Memory: Store context and preferences to provide better assistance over time.
  • Process Payments: Handle billing, subscriptions, token usage, and additional token purchases for Pro and Enterprise plans. Track token expiration dates (1 year from purchase for token packages).
  • Communication: Send service updates, security alerts, and support messages.
  • Security: Detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
  • Analytics: Understand usage patterns and improve platform performance.
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 Service Providers

  • Payment Processors: Razorpay for payment processing (they have their own privacy policies).
  • Cloud Infrastructure: Vercel for hosting the Craft platform.
  • AI Services: Third-party AI model providers for natural language processing and code generation.
  • Analytics Providers: Vercel Analytics for usage statistics and performance monitoring.
  • Database Services: Neon (PostgreSQL) for storing Craft platform data (user accounts, project metadata, billing records). Your application databases are managed in your own Supabase account.

3.2 Legal Requirements

We may disclose your information if required by law, subpoena, or legal process, or to protect our rights, users, or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so.

3.5 Public Projects

If you make a project public or deploy it, the associated code and content may be visible to others.

4. Data Retention

  • Account Data: Retained for as long as your account is active or as needed to provide services.
  • Projects and Code: Stored indefinitely unless you delete them or close your account. Note that code deployed to your Vercel account or stored in your GitHub repository is managed by those services according to their retention policies.
  • AI Conversations: Retained as needed to retrain our AI models and improve the app-building experience. We do not guarantee specific retention periods, as data may be used to continuously enhance service quality and provide a smoother development experience.
  • Payment Records: Retained for 7 years for accounting and tax compliance.
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely.
  • Third-Party Data: Database content in your Supabase account, deployed applications on Vercel, and code in GitHub are retained according to those services' policies. Deleting your Craft account does not automatically delete data in connected third-party services.
  • Deletion: You can request deletion of your data by contacting support. Some data may be retained as required by law. You are responsible for managing data deletion in your connected third-party accounts (Supabase, Vercel, etc.).

5. Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and password hashing
  • Regular security audits and vulnerability assessments
  • Access controls and least-privilege principles
  • Monitoring and logging of security events
  • Incident response and breach notification procedures

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

6. Your Rights and Choices

6.1 Access and Portability

You can access your personal information and download your projects and data at any time through your account settings.

6.2 Correction and Updates

You can update your account information, profile, and preferences in your account settings.

6.3 Deletion

You can delete individual projects or your entire account. Contact support@craft.fast for complete data deletion.

6.4 Opt-Out Rights

  • Marketing Communications: Unsubscribe from promotional emails using the link in each message.
  • Cookies: Configure your browser to refuse cookies, though this may limit functionality.
  • Analytics: Pro and Enterprise users can request to opt out of certain analytics.
  • AI Training: Enterprise users can opt out of having their data used for AI model training.

6.5 Regional Rights

Depending on your location, you may have additional rights:

  • GDPR (EU/EEA): Right to access, rectification, erasure, restriction, portability, and objection.
  • CCPA (California): Right to know, delete, and opt out of sale of personal information (we do not sell personal information).
  • Other Jurisdictions: Rights may vary based on local data protection laws.

7. Children's Privacy

Craft is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it. If you believe a child has provided us with personal information, please contact us at privacy@craft.fast.

8. International Data Transfers

Craft operates globally and may transfer your information to countries outside your residence, including the United States. These countries may have different data protection laws. We use appropriate safeguards, including standard contractual clauses, to protect your information during international transfers.

9. Third-Party Links and Services

Our platform may contain links to third-party websites and integrate with external services (GitHub, Figma, Vercel, Supabase, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9.1 Infrastructure Services

Craft integrates with third-party services for infrastructure needs:

  • Supabase: When you connect your Supabase account, your application databases and storage are managed directly by Supabase in your account. Craft accesses this data only as necessary to provide development features. Your database content is subject to Supabase's privacy policy, not stored on Craft servers.
  • Vercel: When you connect your Vercel account for deployment, your deployed applications run on Vercel's infrastructure. Deployment logs and runtime data are managed by Vercel according to their privacy policy.
  • GitHub: Code synchronization and version control data are managed by GitHub according to their privacy policy.
  • Figma: Design import and sync data are managed by Figma according to their privacy policy.

You are responsible for understanding and complying with the privacy policies of these third-party services. Craft only stores connection credentials (encrypted) and minimal metadata needed for integration functionality.

10. AI-Specific Privacy Considerations

10.1 AI Model Training

  • Hobby Users: Your prompts and interactions may be used to improve AI models.
  • Pro Users: Your data may be used for model improvement with enhanced privacy controls.
  • Enterprise Users: Can opt out of AI training entirely.

10.2 AI-Generated Content

AI-generated code and content are provided "as is." We do not claim ownership of AI-generated output, but you are responsible for reviewing and validating all AI suggestions before use.

10.3 Context and Memory

Our AI uses context from your previous interactions to provide better assistance. This memory is stored securely and subject to retention periods based on your plan.

11. Credit Usage and Billing

For users on paid plans:

  • We track token usage for billing and service delivery purposes
  • We store purchase dates and expiration dates for purchased token packages (1 year validity period)
  • Usage data is retained for accounting and dispute resolution
  • Pro users: Generous AI usage allocation - code without anxiety
  • Hobby users: Limited AI usage allocation
  • Enterprise users: Custom usage allocations tailored to your needs
  • Detailed usage logs are available in your account dashboard

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice (such as email notification). Your continued use of Craft after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Nextcrafter Labs (OPC) Private Limited

Bangalore, India

Operating: Craft.fast

Email: privacy@craft.fast

Support: support@craft.fast

Data Protection Officer: dpo@craft.fast

14. Additional Resources